Saturday, March 2, 2024

Smartwatches and Fitness Trackers can Spy Your ATM PIN Number & Unlock Smartphone

IoT extends the connectivity of physical devices beyond the standard devices, it affects the daily lives of the users and their information security.

Wearables increase the efficiency of data gathering, researchers from the University of Michigan and the University of South Carolina found it is possible to add thousands of steps to a Fitbit using sound waves at different frequencies.

Experts believe that IoT could contain more than 30 billion objects by 2020 and its market value could reach $7.1 trillion by 2020.

Security researchers from Kaspersky published a research report on examining how wearable signals within wearable devices could allow attackers to intrude victims’ privacy and to gain access to the corporate network of the company they associated.

Most of the smartwatches are cyberphysical systems that controlled by computer algorithms and they are equipped with sensors like magnetometers, accelerometers, and gyroscopes that logs user data.

Kingwear KW88 and PYiALCY X200 smartwatches are selected for this study due it’s simplicity of writing apps for them and they developed a simple app for the study.

Tracking the Victim

With smartwatch inbuilt accelerometers and gyroscopes signals readings, it can be assumed the user activity at the moment.

When the user is walking, the hand wearing the smartwatch oscillates like a pendulum. Pendulum swings are a periodic process, so it can be assumed that the user was walking at that moment.

Pic Courtesy: SecureList

In another segment there no change with the periodic oscillations but the change in the accelerometer signal envelope axis. Possibly it could be a public transport with stops.

Another time slice is with short periods of activities and unexpected hand movements, researchers assumed the person could probably indoors.

Pic Courtesy: SecureList

PIN codes

According to researchers, it is possible to capture a PIN code based on the accelerometer and gyroscope signals from a smartwatch.

By deciphering the three axes of the accelerometer and gyroscope signals, a random person pin code can be detected with a minimum accuracy of 80%.

Computer and smartphones unlocking

For unblocking the device the hand movements and corresponding acceleration are minimal. Based on the cross-correlation of data for the corresponding axes of the accelerometer and gyroscope.

Smallest cross-correlation function values obtained for unlocking smartphones (up to 64%), and for computer password it is the largest (up to 96%).

Researchers concluded that “without a doubt, portable cyber-physical systems expand the attack surface for potential intruders. The recorded signals can be transmitted by the phone to the attacker’s server whenever the latter has access to the Internet.”

“So an unassuming fitness app or a new watch face from the Google Play store can be used against you, right now in fact”.


Latest articles

AI Worm Developed by Researchers Spreads Automatically Between AI Agents

Researchers have developed what they claim to be one of the first generative AI...

20 Million+ Cutout.Pro User Records Leaked On Hacking Forums

CutOut.Pro, an AI-powered photo and video editing platform, has reportedly suffered a data breach,...

CWE Version 4.14 Released: What’s New!

The Common Weakness Enumeration (CWE) project, a cornerstone in the cybersecurity landscape, has unveiled...

RisePro Stealer Attacks Windows Users Steals Sensitive Data

A new wave of cyber threats has emerged as the RisePro information stealer targets...

Golden Corral Restaurant Chain Hacked: 180,000+ Users’ Data Stolen

The Golden Corral Corporation, a popular American restaurant chain, has suffered a significant data...

CISA Warns Of Hackers Exploiting Multiple Flaws In Ivanti VPN

Threat actors target and abuse VPN flaws because VPNs are often used to secure...

BEAST AI Jailbreak Language Models Within 1 Minute With High Accuracy

Malicious hackers sometimes jailbreak language models (LMs) to exploit bugs in the systems so...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Live Account Takeover Attack Simulation

Live Account Take Over Attack

Live Webinar on How do hackers bypass 2FA ,Detecting ATO attacks, A demo of credential stuffing, brute force and session jacking-based ATO attacks, Identifying attacks with behaviour-based analysis and Building custom protection for applications and APIs.

Related Articles